http://www.ozzie.net/blog/stories/2002/08/22/nondiscretionaryControlsCantLiv... Nondiscretionary Controls: can't live with 'em, can't... ...can't get 'em right. In my quest to build real security into both Notes and Groove, I've repeatedly run into tough issues related to nondiscretionary controls and other challenges in the ex post facto control of released information. I'm well aware of the fact that this sounds, to most people, like a very geeky and obscure problem; something that they shouldn't have to deal with. But in fact it's an issue that's at the forefront of Hollywood's digital dilemma, and it's something that every PC user should really understand. And it's probably worth a rant. Let me first try to explain it in straightforward terms: 1) In order to view or use or otherwise consume information on your PC - regardless of whether it's text, or music, or numbers in a spreadsheet - the information must first be transmitted to your PC. It's there, on your PC. 2) The originator of that information sometimes wishes to exercise restrictive controls over how you may consume that information, even once it's resident on your PC. Perhaps they want to limit it to one listening, or one viewing. Maybe they don't want you to press the "Print Screen" key. Maybe they don't want you exporting it, or forwarding it to someone else, or taking it with you after you leave the company. Let's refer to this as "Digital Restrictions Management", or DRM. 3) Let's even go further and say that you are the original creator of content. But that you create it within the context of a DRM system. Thus, a party other than the creator can limit the creator's free will in exercising control over the content that they created. Welcome to the world of Nondiscretionary Controls. That is, controls that can involuntarily release you of your control. Why is this an issue? Well, people who are serious about security insist that, on principle, you shouldn't give people a false sense of security by creating products that protect information with a veneer that can trivially be stripped away by a competent programmer, engineer, or rocket scientist. The simple rule of thumb is as follows: if the data is on your PC and can be consumed even once, it's ultimately uncontrollable. Why? Because then it's just a matter of cleverness and time and cost before someone can "liberate" it from its controls. (Trusted Computing initiatives and efforts such as Palladium aim to close even these holes, but require hardware not present in today's PC.) MORE ON http://www.ozzie.net/blog/stories/2002/08/22/nondiscretionaryControlsCantLiv...